In addition to Apple devices, noted security expert and The Mac Hacker’s Handbook co-author Charlie Miller has carried out some fascinating (and potentially terrifying) research into hacking vehicles.
Last year, alongside fellow hacker Chris Valasek, Miller demonstrated that it is possible to hijack the steering and brakes of a Ford Escape and Toyota Prius using only a laptop connected to the car.
Having done that, he has now moved onto exploring vulnerabilities in other vehicles — including his new 2014 Cherokee jeep. All that research comes at a high price, however, since Miller recently revealed on Twitter that he has managed to “brick” his vehicle, after hacking the head unit.
As he put it, “This is an expensive hobby.”
Miller had previously deemed the 2014 Jeep Cherokee one of the vehicles most vulnerable to hackers, alongside the 2015 Cadillac Escalade. His own research was therefore designed to explore the extent of this vulnerability.
He has rated the vehicle hackable based on the number of features that can be hacked (Bluetooth, Wi-Fi, mobile network connections, key fobs, and tyre pressure monitoring systems), the network architecture (giving access to a vehicle’s critical systems, such as the horn, the steering and brakes), and also features such as automated braking, and parking sensors that can be controlled using wireless commands.
Unfortunately, the car head unit he hacked most recently controls functions including the radio, heater, heated steering wheel and seats, rear camera, and sat-nav — leaving Miller with a vehicle best described as “downright primitive.”
After a trip to the automotive shop, where the head unit was replaced, Miller tweeted that, “This is another example of why car research is hard. One little mistake costs you a week and big bucks.”
The hacking appears to have paid off, though, since Miller has determined that his jeep’s software is still vulnerable to jailbreak bug he originally discovered months back.
It looks like latest jeep head unit/software is still vulnerable to the jailbreak bug I disclosed at defcon. pic.twitter.com/lrV7PRB14s
— Charlie Miller (@0xcharlie) December 9, 2014
…and jailbroken. Its not a downgrade, its an upgrade! pic.twitter.com/y29JBGTC1m
— Charlie Miller (@0xcharlie) December 9, 2014
Cult of Mac reached out to Miller, but he says he doesn’t want to talk about his research until it’s completed.
Luke Dormehl is a U.K.-based journalist and author, with a background working in documentary film for Channel 4 and the BBC. He is the author of The Apple Revolution and The Formula: How Algorithms Solve All Our Problems … and Create More, both published by Penguin/Random House. His tech writing has also appeared in Wired, Fast Company, Techmeme and other publications.
10 responses to “How an Apple security expert ‘bricked’ his brand new jeep”
This man is doing good work.
Miller is an expert at nerd PR stunts, mostly. All that pwn to own stuff is ridiculous and in every case has no bearing on anyone’s actual security. Talk about bogus, but of course the beleaguered windows and Android fanboys love it.
I wonder what a new “unbroken” head unit is for this when it is bricked?
If he was smart, he would just play dumb and let the warranty replace it.
If they look at the firmware they’d know it was tampered with. He could play dumb still but not many people know how to do this either.
Time to get Norton AntiVirus on my Kia Soul!
It’s resource heavy… please make sure you have a CTRL+ALT+DELETE function.
ugh! Norton is the armpit of AV software!
Try WebRoot
do i understand correctly that you have to have physical access to the head unit to install this. and perhaps even to use it.
if siomeone can get in my car to do this I have far bigger worries.
What can you do with a jailbroken jeep? Install themes and emulators?